name: Fuzzing on: # Regression testing push: branches: - master pull_request: branches: - master # Daily midnight fuzzing schedule: - cron: '0 0 * * *' jobs: fuzzing: name: Fuzzing strategy: matrix: os: [ ubuntu-latest ] go-version: [ 1.14.x ] runs-on: ${{ matrix.os }} steps: - name: Install Go uses: actions/setup-go@v1 with: go-version: ${{ matrix.go-version }} - name: Checkout code uses: actions/checkout@v2 - name: Download go-fuzz tools and the Fuzzit CLI, move Fuzzit CLI to GOBIN # If we decide we need to prevent this from running on forks, we can use this line: # if: github.repository == 'caddyserver/caddy' run: | go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.77/fuzzit_Linux_x86_64 chmod a+x fuzzit mv fuzzit $(go env GOPATH)/bin echo "::add-path::$(go env GOPATH)/bin" - name: Generate fuzzers & submit them to Fuzzit continue-on-error: true env: FUZZIT_API_KEY: ${{ secrets.FUZZIT_API_KEY }} SYSTEM_PULLREQUEST_SOURCEBRANCH: ${{ github.ref }} BUILD_SOURCEVERSION: ${{ github.sha }} run: | # debug echo "PR Source Branch: $SYSTEM_PULLREQUEST_SOURCEBRANCH" echo "Source version: $BUILD_SOURCEVERSION" declare -A fuzzers_funcs=(\ ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \ ["./caddyconfig/caddyfile/parse_fuzz.go"]="FuzzParseCaddyfile" \ ["./listeners_fuzz.go"]="FuzzParseNetworkAddress" \ ["./replacer_fuzz.go"]="FuzzReplacer" \ ) declare -A fuzzers_targets=(\ ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="parse-address" \ ["./caddyconfig/caddyfile/parse_fuzz.go"]="parse-caddyfile" \ ["./listeners_fuzz.go"]="parse-network-address" \ ["./replacer_fuzz.go"]="replacer" \ ) fuzz_type="local-regression" if [[ "${{ github.event_name }}" == "schedule" ]]; then fuzz_type="fuzzing" fi echo "Fuzzing type: $fuzz_type" for f in $(find . -name \*_fuzz.go); do FUZZER_DIRECTORY=$(dirname "$f") echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" go-fuzz-build -func "${fuzzers_funcs[$f]}" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.zip" "$FUZZER_DIRECTORY" fuzzit create job --engine go-fuzz caddyserver/"${fuzzers_targets[$f]}" "$FUZZER_DIRECTORY"/"${fuzzers_targets[$f]}.zip" --api-key "${FUZZIT_API_KEY}" --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" echo "Completed $f" done